Package com.nimbusds.jose.crypto.impl

Class RSA_OAEP_SHA2

  • @ThreadSafe
public class RSA_OAEP_SHA2
extends java.lang.Object
    RSAES OAEP with SHA-256, SHA-384 and SHA-512 methods for Content Encryption Key (CEK) encryption and decryption. This class is thread-safe.
    Version:
    2021-09-24
    Author:
    Vladimir Dzhuvinov, Justin Richer, Peter Laurina

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static javax.crypto.SecretKey decryptCEK​(java.security.PrivateKey priv, byte[] encryptedCEK, int shaBitSize, java.security.Provider provider)
      Decrypts the specified encrypted Content Encryption Key (CEK).
      static byte[] encryptCEK​(java.security.interfaces.RSAPublicKey pub, javax.crypto.SecretKey cek, int shaBitSize, java.security.Provider provider)
      Encrypts the specified Content Encryption Key (CEK).

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • encryptCEK

        public static byte[] encryptCEK​(java.security.interfaces.RSAPublicKey pub,
                                javax.crypto.SecretKey cek,
                                int shaBitSize,
                                java.security.Provider provider)
                         throws JOSEException
        Encrypts the specified Content Encryption Key (CEK).
        Parameters:
        pub - The public RSA key. Must not be null.
        cek - The Content Encryption Key (CEK) to encrypt. Must not be null.
        shaBitSize - The SHA-2 bit size. Must be 256, 384 or 512.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The encrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If encryption failed.

      • decryptCEK

        public static javax.crypto.SecretKey decryptCEK​(java.security.PrivateKey priv,
                                                byte[] encryptedCEK,
                                                int shaBitSize,
                                                java.security.Provider provider)
                                         throws JOSEException
        Decrypts the specified encrypted Content Encryption Key (CEK).
        Parameters:
        priv - The private RSA key. Must not be null.
        encryptedCEK - The encrypted Content Encryption Key (CEK) to decrypt. Must not be null.
        shaBitSize - The SHA-2 bit size. Must be 256 or 512.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The decrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If decryption failed.